metadata
language:
- en
license: apache-2.0
tags:
- sentence-transformers
- sentence-similarity
- feature-extraction
- dense
- generated_from_trainer
- dataset_size:1580
- loss:MatryoshkaLoss
- loss:MultipleNegativesRankingLoss
base_model: intfloat/multilingual-e5-large
widget:
- source_sentence: >-
When should supervisory authorities monitor the application of the
provisions?
sentences:
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Reasoning:** Partially accepts the lawsuit.
**Facts:** The plaintiff, who works as a lawyer, maintains a savings
account with the defendant banking corporation under account number
GR.............. Pursuant to a contract dated June 11, 2010, established
in Thessaloniki between the defendant and the plaintiff, the plaintiff
was granted access to the electronic banking system (e-banking) to
conduct banking transactions remotely. On October 10, 2020, the
plaintiff fell victim to electronic fraud through the "phishing" method,
whereby an unknown perpetrator managed to extract and transfer €3,000.00
from the plaintiff’s account to another account of the same bank.
Specifically, on that day at 6:51 a.m., the plaintiff received an email
from the sender ".........", with the address ..........., informing him
that his debit card had been suspended and that online payments and cash
withdrawals could not be made until the issue was resolved. The email
urged him to confirm his details within the next 72 hours by following a
link titled "card activation."
The plaintiff read the above email on his mobile phone around 8:00 a.m.,
and believing it came from the defendant, he followed the instructions
and accessed a website that was identical (a clone) to that of the
defendant. On this page, he was asked to enter his login credentials to
connect to the service, which he did, and he was subsequently asked to
input his debit card details for the alleged activation, which he also
provided. Then, to complete the process, a number was sent to his mobile
phone at 8:07 a.m. from the sender ........, which he entered, and two
minutes later he received a message from the same sender in English
stating that the quick access code had been activated on his mobile. A
few minutes later, at 8:18 a.m., he received an email from the defendant
informing him of the transfer of €3,000.00 from his account to account
number GR ........... held at the same bank, with the beneficiary's
details being .......... As soon as the plaintiff read this, he
immediately called the defendant's call center and canceled his debit
card, the access codes for the service ......., and locked the
application .......... At the same time, he verbally submitted a request
to dispute and cancel the contested transaction, and in a subsequent
phone call, he also canceled his credit card. On the same day, he also
sent an email to the defendant informing them in writing of the above
and requesting the cancellation of the transaction and the return of the
amount of €3,000.00 to his account, as this transfer was not made by him
but by an unknown perpetrator through electronic fraud and was not
approved by him. It should also be noted that the plaintiff, as the sole
beneficiary according to the aforementioned contract for using the
defendant's Internet Banking service, never received any update via SMS
or the VIBER application from the bank regarding the transaction details
before its completion, nor did he receive a one-time code (OTP) to
approve the contested transaction. He subsequently filed a complaint
against unknown persons at the Cyber Crime Division for the crime of
fraud. The defendant sent an email to the plaintiff on October 16, 2020,
informing him that his request had been forwarded to the appropriate
department of the bank for investigation, stating that the bank would
never send him an email or SMS asking him to enter his personal data and
that as of October 7, 2020, there was a notice posted for its customers
regarding malicious attempts to steal personal data in the "Our News"
section on ....... A month after the disputed incident, on November 10,
2020, an amount of €2,296.82 was transferred to the plaintiff's account
from the account to which the fraudulent credit had been made. The
plaintiff immediately sent an email to the defendant asking to be
informed whether this transfer was a return of part of the amount that
had been illegally withdrawn from his account and requested the return
of the remaining amount of €703.18. In its response dated January 13,
2021, the defendant confirmed that the aforementioned amount indeed came
from the account to which the fraudulent credit had been made, following
a freeze of that account initiated by the defendant during the
investigation of the incident, but refused to return the remaining
amount, claiming it bore no responsibility for the leak of the personal
codes to third parties, according to the terms of the service contract
established between them.
From the entirety of the evidence presented to the court, there is no
indication of the authenticity of the contested transaction, as the
plaintiff did not give his consent for the execution of the transfer of
the amount of €3,000.00, especially in light of the provision in Article
72 paragraph 2 of Law 4537/2018 stating that the mere use of the
Internet Banking service by the plaintiff does not necessarily
constitute sufficient evidence that the payer approved the payment
action. Specifically, it was proven that the contested transaction was
not carried out following a strong identification of the plaintiff – the
sole beneficiary of the account – and his approval, as the latter may
have entered his personal codes on the counterfeit website; however, he
was never informed, before the completion of the contested transaction,
of the amount that would be transferred from his account to a
third-party account, nor did he receive on his mobile phone, either via
SMS or through the VIBER application or any other means, the one-time
code - extra PIN for its completion, which he was required to enter to
approve the contested transaction (payment action) and thus complete his
identification, a fact that was not countered by any evidence from the
defendant. Furthermore, it is noted that the defendant's claims that it
bears no responsibility under the terms of the banking services
contract, whereby it is not liable for any damage to its customer in
cases of unauthorized use of their personal access codes to the Internet
Banking service, are to be rejected as fundamentally unfounded. This is
because the aforementioned contractual terms are invalid according to
the provision of Article 103 of Law 4537/2018, as they contradict the
provisions of Articles 71, 73, and 92 of the same Law, which provide for
the provider's universal liability and its exemption only for unusual
and unforeseen circumstances that are beyond the control of the party
invoking them and whose consequences could not have been avoided despite
all efforts to the contrary; these provisions establish mandatory law in
favor of users, as according to Article 103 of Law 4537/2018, payment
service providers are prohibited from deviating from the provisions to
the detriment of payment service users, unless the possibility of
deviation is explicitly provided and they can decide to offer only more
favorable terms to payment service users; the aforementioned contractual
terms do not constitute more favorable terms but rather disadvantageous
terms for the payment service user. In this case, however, the defendant
did not prove the authenticity of the transaction and its approval by
the plaintiff and did not invoke, nor did any unusual and unforeseen
circumstances beyond its control, the consequences of which could not
have been avoided despite all efforts to the contrary, come to light.
Therefore, the contested transaction transferring the amount of
€3,000.00 is considered, in the absence of demonstrable consent from the
plaintiff, unapproved according to the provisions of Article 64 of Law
4537/2018, and the defendant's contrary claims are rejected, especially
since the plaintiff proceeded, according to Article 71 paragraph 1 of
Law 4537/2018, without undue delay to notify the defendant regarding the
contested unapproved payment action. Consequently, the defendant is
liable for compensating the plaintiff for the positive damage he
suffered under Article 73 of Law 4537/2018 and is obliged to pay him the
requested amount of €703.18, while the plaintiff’s fault in the
occurrence of this damage cannot be established, as he entered his
personal details in an online environment that was a faithful imitation
of that of the defendant, as evidenced by the comparison of the
screenshots of the fake website and the real website provided by the
plaintiff, a fact that he could not have known while being fully
convinced that he was transacting with the defendant. Furthermore, the
defendant’s liability to compensate the plaintiff is based on the
provision of Article 8 of Law 2251/1994, which applies in this case, as
the plaintiff's damage resulted from inadequate fulfillment of its
obligations in the context of providing its services, but also on the
provision of Article 914 of the Civil Code in the sense of omission on
its part of unlawfully and culpably imposed actions. In this case, given
that during the relevant period there had been a multitude of similar
incidents of fraud against the defendant's customers, the latter, as a
service provider to the consumer public and bearing transactional
obligations of care and security towards them, displayed gross
negligence regarding the security provided for electronic transaction
services, which was compromised by the fraudulent theft of funds, as it
did not comply with all required high-security measures for executing
the contested transaction, failing to implement the strict customer
identification verification process and to check the authenticity of the
account to which the funds were sent, thus not assuming the suspicious
nature of the transaction, did not adopt comprehensive and improved
protective measures to fully protect its customers against malicious
attacks and online fraud and to prevent the infiltration of unauthorized
third parties, nor did it fulfill its obligations to inform, accurately
inform, and warn its consumers - customers, as it failed to adequately
inform them of attempts to steal their personal data through the sending
of informative emails or SMS, while merely posting in a section rather
than on a central banner (as it later did) does not constitute adequate
information such that it meets the requirement of protecting its
customers and the increased safeguarding of their interests. Although
the plaintiff acted promptly and informed the defendant on the same day
about the contested incident, the defendant did not act as promptly
regarding the investigation of the incident and the freezing of the
account that held the fraudulent credit to prevent the plaintiff's loss,
but only returned part of the funds to the plaintiff a month later. This
behavior, beyond being culpable due to gross negligence, was also
unlawful, as it would have been illegal even without the contractual
relationship, as contrary to the provisions of Law 4537/2018 and Law
2251/1994, regarding the lack of security of the services that the
consumer is legitimately entitled to expect, as well as the building of
trust that is essential in banking transactions, elements that it was
obligated to provide within the sphere of the services offered, and
contrary to the principles of good faith and commercial ethics, as
crystallized in the provision of Article 288 of the Civil Code, as well
as the general duty imposed by Article 914 of the Civil Code not to
cause harm to another culpably. This resulted not only in positive
damage to the plaintiff but also in causing him moral harm consisting of
his mental distress and the disruption, agitation, and sorrow he
experienced, for which he must be awarded financial compensation. Taking
into account all the general circumstances of the case, the extent of
the plaintiff's damage, the severity of the defendant's fault, the
mental distress suffered by the plaintiff, the insecurity he felt
regarding his deposits, the sorrow he experienced, and the stress caused
by his financial loss, which occurred during the pandemic period when
his earnings from his professional activity had significantly decreased,
as well as the financial and social situation of the parties, it is the
court's opinion that he should be granted, as financial compensation for
his moral harm, an amount of €250.00, which is deemed reasonable and
fair. Therefore, the total monetary amount that the plaintiff is
entitled to for his positive damage and financial compensation for the
moral harm suffered amounts to a total of (€703.18 + €250.00) = €953.18.
- >-
Court (Civil/Criminal): Criminal
Provisions: Article 42 paragraphs 1, 2, 3, and 7 of Law 4557/2018
Time of commission of the act:
Outcome (not guilty, guilty):
Reasoning: Obligation of the payment service provider, such as banks, to
inform their contracting customer after receiving a relevant order for a
payment to be made on their behalf. Content of the above notification at
the stage of receiving the payment order and during its execution. Terms
of liability for the provider regarding compensation for non-execution,
erroneous, or delayed execution of payment transactions. In particular,
in the case of an unauthorized or erroneous payment, the user is
required to notify the provider within a specified timeframe as soon as
they become aware of the corresponding transaction. The provisions of
Law 4357/2018 establish mandatory legal regulations in favor of users of
payment services and cannot be contractually modified to their
detriment, but only to their benefit. Defenses available to payment
service providers to relieve them of liability. Burden of proof
distribution between the parties. This responsibility of banks may also
stem from Law 2251/1994, as they provide services to the public and are
considered suppliers. Conditions for supplier liability under the
aforementioned legislation. Distribution of the burden of proof between
the litigants to demonstrate liability for compensation under Law
2251/1994. Terms of concurrency between contractual and tort liability
for compensation. The court partially accepts the lawsuit.
Facts: On 01/09/2021, an unknown perpetrator sent an email to her from
the electronic address “...............”, in which they stated that for
security reasons she needed to confirm her account with the bank .......
Not realizing that it was a scam, she followed the attached hyperlink,
entered her personal information, resulting in an unknown perpetrator
intercepting her online banking credentials and making a transfer
totaling 7,000.00 euros to account number ................ of the bank
.........
C) The beneficiary of the aforementioned account is ......... born on
16/05/1995 in the Municipality of ........., residing at ..............,
with ID number .................... issued on 02/10/2009 by T.A
.............. and tax number ............. from the tax office
...................
D) The criminal proceeds reportedly arising from the above criminal
activity amount to a total of seven thousand euros (7,000.00€).
Following the above, serious suspicions arise that the aforementioned
criminal proceeds transferred to the aforementioned bank account were
unlawfully appropriated by her and subsequently mixed with other legally
held assets, which she used in her overall economic activities, aiming
to launder them, thus concealing their true origin and making it
impossible for them to be seized. Therefore, there are reasonable
suspicions that the aforementioned individual committed not only the
primary offense but also the criminal act of “Money Laundering” (Article
2 §1 a, d of Law 4557/2018, in conjunction with Article 4 subparagraph z
of the same law as it stands, as well as Article 39 paragraph 1
subparagraphs a & c of the same Law 4557/2018). Because there are
serious suspicions that the bank account numbered .......... maintained
at the bank ....................., whose beneficiary is ..... (Tax ID
....................), contains part of the monetary amount from the
aforementioned criminal activity that was placed behind banking secrecy
to conceal its true origin and ultimately to launder it. Because, in
this case, part of the criminal proceeds has been found while the
remainder has not been found in its entirety, there is a lawful reason
and an urgent case for prohibiting the sale or any other transfer of the
following assets, given that they are subject to seizure and forfeiture
according to Articles 40 and 42 of Law 4557/2018 as they currently
stand.
- >-
The supervisory authorities should monitor the application of the
provisions pursuant to this Regulation and contribute to its consistent
application throughout the Union, in order to protect natural persons in
relation to the processing of their personal data and to facilitate the
free flow of personal data within the internal market. For that purpose,
the supervisory authorities should cooperate with each other and with
the Commission, without the need for any agreement between Member States
on the provision of mutual assistance or on such cooperation.
- source_sentence: When can a data subject seek an effective judicial remedy?
sentences:
- >-
1.Without prejudice to any available administrative or non-judicial
remedy, including the right to lodge a complaint with a supervisory
authority pursuant to Article 77, each data subject shall have the right
to an effective judicial remedy where he or she considers that his or
her rights under this Regulation have been infringed as a result of the
processing of his or her personal data in non-compliance with this
Regulation.
2.Proceedings against a controller or a processor shall be brought
before the courts of the Member State where the controller or processor
has an establishment. Alternatively, such proceedings may be brought
before the courts of the Member State where the data subject has his or
her habitual residence, unless the controller or processor is a public
authority of a Member State acting in the exercise of its public powers.
4.5.2016 L 119/80 (1) Regulation (EC) No 1049/2001 of the European
Parliament and of the Council of 30 May 2001 regarding public access to
European Parliament, Council and Commission documents (OJ L 145,
31.5.2001, p. 43).
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Reasoning:** Partially accepts the lawsuit.
**Facts:** The plaintiff, who works as a lawyer, maintains a savings
account with the defendant banking corporation under account number
GR.............. Pursuant to a contract dated June 11, 2010, established
in Thessaloniki between the defendant and the plaintiff, the plaintiff
was granted access to the electronic banking system (e-banking) to
conduct banking transactions remotely. On October 10, 2020, the
plaintiff fell victim to electronic fraud through the "phishing" method,
whereby an unknown perpetrator managed to extract and transfer €3,000.00
from the plaintiff’s account to another account of the same bank.
Specifically, on that day at 6:51 a.m., the plaintiff received an email
from the sender ".........", with the address ..........., informing him
that his debit card had been suspended and that online payments and cash
withdrawals could not be made until the issue was resolved. The email
urged him to confirm his details within the next 72 hours by following a
link titled "card activation."
The plaintiff read the above email on his mobile phone around 8:00 a.m.,
and believing it came from the defendant, he followed the instructions
and accessed a website that was identical (a clone) to that of the
defendant. On this page, he was asked to enter his login credentials to
connect to the service, which he did, and he was subsequently asked to
input his debit card details for the alleged activation, which he also
provided. Then, to complete the process, a number was sent to his mobile
phone at 8:07 a.m. from the sender ........, which he entered, and two
minutes later he received a message from the same sender in English
stating that the quick access code had been activated on his mobile. A
few minutes later, at 8:18 a.m., he received an email from the defendant
informing him of the transfer of €3,000.00 from his account to account
number GR ........... held at the same bank, with the beneficiary's
details being .......... As soon as the plaintiff read this, he
immediately called the defendant's call center and canceled his debit
card, the access codes for the service ......., and locked the
application .......... At the same time, he verbally submitted a request
to dispute and cancel the contested transaction, and in a subsequent
phone call, he also canceled his credit card. On the same day, he also
sent an email to the defendant informing them in writing of the above
and requesting the cancellation of the transaction and the return of the
amount of €3,000.00 to his account, as this transfer was not made by him
but by an unknown perpetrator through electronic fraud and was not
approved by him. It should also be noted that the plaintiff, as the sole
beneficiary according to the aforementioned contract for using the
defendant's Internet Banking service, never received any update via SMS
or the VIBER application from the bank regarding the transaction details
before its completion, nor did he receive a one-time code (OTP) to
approve the contested transaction. He subsequently filed a complaint
against unknown persons at the Cyber Crime Division for the crime of
fraud. The defendant sent an email to the plaintiff on October 16, 2020,
informing him that his request had been forwarded to the appropriate
department of the bank for investigation, stating that the bank would
never send him an email or SMS asking him to enter his personal data and
that as of October 7, 2020, there was a notice posted for its customers
regarding malicious attempts to steal personal data in the "Our News"
section on ....... A month after the disputed incident, on November 10,
2020, an amount of €2,296.82 was transferred to the plaintiff's account
from the account to which the fraudulent credit had been made. The
plaintiff immediately sent an email to the defendant asking to be
informed whether this transfer was a return of part of the amount that
had been illegally withdrawn from his account and requested the return
of the remaining amount of €703.18. In its response dated January 13,
2021, the defendant confirmed that the aforementioned amount indeed came
from the account to which the fraudulent credit had been made, following
a freeze of that account initiated by the defendant during the
investigation of the incident, but refused to return the remaining
amount, claiming it bore no responsibility for the leak of the personal
codes to third parties, according to the terms of the service contract
established between them.
From the entirety of the evidence presented to the court, there is no
indication of the authenticity of the contested transaction, as the
plaintiff did not give his consent for the execution of the transfer of
the amount of €3,000.00, especially in light of the provision in Article
72 paragraph 2 of Law 4537/2018 stating that the mere use of the
Internet Banking service by the plaintiff does not necessarily
constitute sufficient evidence that the payer approved the payment
action. Specifically, it was proven that the contested transaction was
not carried out following a strong identification of the plaintiff – the
sole beneficiary of the account – and his approval, as the latter may
have entered his personal codes on the counterfeit website; however, he
was never informed, before the completion of the contested transaction,
of the amount that would be transferred from his account to a
third-party account, nor did he receive on his mobile phone, either via
SMS or through the VIBER application or any other means, the one-time
code - extra PIN for its completion, which he was required to enter to
approve the contested transaction (payment action) and thus complete his
identification, a fact that was not countered by any evidence from the
defendant. Furthermore, it is noted that the defendant's claims that it
bears no responsibility under the terms of the banking services
contract, whereby it is not liable for any damage to its customer in
cases of unauthorized use of their personal access codes to the Internet
Banking service, are to be rejected as fundamentally unfounded. This is
because the aforementioned contractual terms are invalid according to
the provision of Article 103 of Law 4537/2018, as they contradict the
provisions of Articles 71, 73, and 92 of the same Law, which provide for
the provider's universal liability and its exemption only for unusual
and unforeseen circumstances that are beyond the control of the party
invoking them and whose consequences could not have been avoided despite
all efforts to the contrary; these provisions establish mandatory law in
favor of users, as according to Article 103 of Law 4537/2018, payment
service providers are prohibited from deviating from the provisions to
the detriment of payment service users, unless the possibility of
deviation is explicitly provided and they can decide to offer only more
favorable terms to payment service users; the aforementioned contractual
terms do not constitute more favorable terms but rather disadvantageous
terms for the payment service user. In this case, however, the defendant
did not prove the authenticity of the transaction and its approval by
the plaintiff and did not invoke, nor did any unusual and unforeseen
circumstances beyond its control, the consequences of which could not
have been avoided despite all efforts to the contrary, come to light.
Therefore, the contested transaction transferring the amount of
€3,000.00 is considered, in the absence of demonstrable consent from the
plaintiff, unapproved according to the provisions of Article 64 of Law
4537/2018, and the defendant's contrary claims are rejected, especially
since the plaintiff proceeded, according to Article 71 paragraph 1 of
Law 4537/2018, without undue delay to notify the defendant regarding the
contested unapproved payment action. Consequently, the defendant is
liable for compensating the plaintiff for the positive damage he
suffered under Article 73 of Law 4537/2018 and is obliged to pay him the
requested amount of €703.18, while the plaintiff’s fault in the
occurrence of this damage cannot be established, as he entered his
personal details in an online environment that was a faithful imitation
of that of the defendant, as evidenced by the comparison of the
screenshots of the fake website and the real website provided by the
plaintiff, a fact that he could not have known while being fully
convinced that he was transacting with the defendant. Furthermore, the
defendant’s liability to compensate the plaintiff is based on the
provision of Article 8 of Law 2251/1994, which applies in this case, as
the plaintiff's damage resulted from inadequate fulfillment of its
obligations in the context of providing its services, but also on the
provision of Article 914 of the Civil Code in the sense of omission on
its part of unlawfully and culpably imposed actions. In this case, given
that during the relevant period there had been a multitude of similar
incidents of fraud against the defendant's customers, the latter, as a
service provider to the consumer public and bearing transactional
obligations of care and security towards them, displayed gross
negligence regarding the security provided for electronic transaction
services, which was compromised by the fraudulent theft of funds, as it
did not comply with all required high-security measures for executing
the contested transaction, failing to implement the strict customer
identification verification process and to check the authenticity of the
account to which the funds were sent, thus not assuming the suspicious
nature of the transaction, did not adopt comprehensive and improved
protective measures to fully protect its customers against malicious
attacks and online fraud and to prevent the infiltration of unauthorized
third parties, nor did it fulfill its obligations to inform, accurately
inform, and warn its consumers - customers, as it failed to adequately
inform them of attempts to steal their personal data through the sending
of informative emails or SMS, while merely posting in a section rather
than on a central banner (as it later did) does not constitute adequate
information such that it meets the requirement of protecting its
customers and the increased safeguarding of their interests. Although
the plaintiff acted promptly and informed the defendant on the same day
about the contested incident, the defendant did not act as promptly
regarding the investigation of the incident and the freezing of the
account that held the fraudulent credit to prevent the plaintiff's loss,
but only returned part of the funds to the plaintiff a month later. This
behavior, beyond being culpable due to gross negligence, was also
unlawful, as it would have been illegal even without the contractual
relationship, as contrary to the provisions of Law 4537/2018 and Law
2251/1994, regarding the lack of security of the services that the
consumer is legitimately entitled to expect, as well as the building of
trust that is essential in banking transactions, elements that it was
obligated to provide within the sphere of the services offered, and
contrary to the principles of good faith and commercial ethics, as
crystallized in the provision of Article 288 of the Civil Code, as well
as the general duty imposed by Article 914 of the Civil Code not to
cause harm to another culpably. This resulted not only in positive
damage to the plaintiff but also in causing him moral harm consisting of
his mental distress and the disruption, agitation, and sorrow he
experienced, for which he must be awarded financial compensation. Taking
into account all the general circumstances of the case, the extent of
the plaintiff's damage, the severity of the defendant's fault, the
mental distress suffered by the plaintiff, the insecurity he felt
regarding his deposits, the sorrow he experienced, and the stress caused
by his financial loss, which occurred during the pandemic period when
his earnings from his professional activity had significantly decreased,
as well as the financial and social situation of the parties, it is the
court's opinion that he should be granted, as financial compensation for
his moral harm, an amount of €250.00, which is deemed reasonable and
fair. Therefore, the total monetary amount that the plaintiff is
entitled to for his positive damage and financial compensation for the
moral harm suffered amounts to a total of (€703.18 + €250.00) = €953.18.
- >
Whoever, without authorization, copies, uses, discloses to another
person, or in any way violates data of a computer or a computer program,
which belong to the realm of state secrets, private secrets, business
secrets, trade secrets, or privacy, shall be punished by imprisonment
from three months to five years. Private computer data or programs
should be considered all the data and programs that the legal holder
keeps secret with justified interest, especially if the owner had taken
security measures.
If the offender is in the service of the legal holder of the data, or
the secret computer data and programs have a great economic value, the
act shall be punished by imprisonment from one year to five years.
If the secret computer data and programs belong to the realm of military
or diplomatic secrets, or of the security of the state, the act shall be
punished according to Articles 146–147.
The offences of paragraphs 1–2 are prosecuted only upon complaint.
- source_sentence: What triggers the need for a review of processing operations?
sentences:
- >-
The data subject should have the right not to be subject to a decision,
which may include a measure, evaluating personal aspects relating to him
or her which is based solely on automated processing and which produces
legal effects concerning him or her or similarly significantly affects
him or her, such as automatic refusal of an online credit application or
e-recruiting practices without any human intervention. Such processing
includes ‘profiling’ that consists of any form of automated processing
of personal data evaluating the personal aspects relating to a natural
person, in particular to analyse or predict aspects concerning the data
subject's performance at work, economic situation, health, personal
preferences or interests, reliability or behaviour, location or
movements, where it produces legal effects concerning him or her or
similarly significantly affects him or her. However, decision-making
based on such processing, including profiling, should be allowed where
expressly authorised by Union or Member State law to which the
controller is subject, including for fraud and tax-evasion monitoring
and prevention purposes conducted in accordance with the regulations,
standards and recommendations of Union institutions or national
oversight bodies and to ensure the security and reliability of a service
provided by the controller, or necessary for the entering or performance
of a contract between the data subject and a controller, or when the
data subject has given his or her explicit consent. In any case, such
processing should be subject to suitable safeguards, which should
include specific information to the data subject and the right to obtain
human intervention, to express his or her point of view, to obtain an
explanation of the decision reached after such assessment and to
challenge the decision. Such measure should not concern a child. In
order to ensure fair and transparent processing in respect of the data
subject, taking into account the specific circumstances and context in
which the personal data are processed, the controller should use
appropriate mathematical or statistical procedures for the profiling,
implement technical and organisational measures appropriate to ensure,
in particular, that factors which result in inaccuracies in personal
data are corrected and the risk of errors is minimised, secure personal
data in a manner that takes account of the potential risks involved for
the interests and rights of the data subject and that prevents, inter
alia, discriminatory effects on natural persons on the basis of racial
or ethnic origin, political opinion, religion or beliefs, trade union
membership, genetic or health status or sexual orientation, or that
result in measures having such an effect. Automated decision-making and
profiling based on special categories of personal data should be allowed
only under specific conditions.
- >-
Court (Civil/Criminal): Civil
Provisions: Law 4537/2018.
Time of commission of act:
Outcome (not guilty, guilty):
Reasoning: PARTIALLY ACCEPTS the lawsuit. RECOGNIZES the obligation of
the defendant (a) to pay the plaintiffs in full the amount of eight
thousand eight hundred ninety (8,890) euros, with legal interest from
December 2, 2021, and (b) to pay each of the plaintiffs the amount of
five hundred (500) euros with legal interest from the service of the
lawsuit.
Facts: The plaintiffs claim that they are co-beneficiaries of a savings
account held by the defendant, and that unknown perpetrators gained
access to the aforementioned account via the internet, without the
plaintiffs themselves having any fault regarding the safeguarding of the
codes or the disclosure of the unique transaction codes (OTR). They
assert that the defendant is responsible for the access gained by the
unknown perpetrators to the savings account, as the defendant
negligently violated the protective obligations it owed to the
plaintiffs. They state that, due to the actions of the unknown
perpetrators, gradual transfers of monetary amounts were made, resulting
in the aforementioned savings account being depleted by the amount of
10,120 euros within a few minutes. They informed the defendant of the
aforementioned actions through the appropriate channels; however, the
defendant negligently delayed the necessary actions. The defendant
denies any liability and the return of the aforementioned monetary
amount.
- >-
1.Where a type of processing in particular using new technologies, and
taking into account the nature, scope, context and purposes of the
processing, is likely to result in a high risk to the rights and
freedoms of natural persons, the controller shall, prior to the
processing, carry out an assessment of the impact of the envisaged
processing operations on the protection of personal data. A single
assessment may address a set of similar processing operations that
present similar high risks.
2.The controller shall seek the advice of the data protection officer,
where designated, when carrying out a data protection impact assessment.
3.A data protection impact assessment referred to in paragraph 1 shall
in particular be required in the case of: (a) a systematic and
extensive evaluation of personal aspects relating to natural persons
which is based on automated processing, including profiling, and on
which decisions are based that produce legal effects concerning the
natural person or similarly significantly affect the natural person;
(b) processing on a large scale of special categories of data referred
to in Article 9(1), or of personal data relating to criminal convictions
and offences referred to in Article 10; or (c) a systematic monitoring
of a publicly accessible area on a large scale.
4.The supervisory authority shall establish and make public a list of
the kind of processing operations which are subject to the requirement
for a data protection impact assessment pursuant to paragraph 1. The
supervisory authority shall communicate those lists to the Board
referred to in Article 68
5.The supervisory authority may also establish and make public a list of
the kind of processing operations for which no data protection impact
assessment is required. The supervisory authority shall communicate
those lists to the Board.
6.Prior to the adoption of the lists referred to in paragraphs 4 and 5,
the competent supervisory authority shall apply the consistency
mechanism referred to in Article 63 where such lists involve processing
activities which are related to the offering of goods or services to
data subjects or to the monitoring of their behaviour in several Member
States, or may substantially affect the free movement of personal data
within the Union. 4.5.2016 L 119/53
7.The assessment shall contain at least: (a) a systematic description
of the envisaged processing operations and the purposes of the
processing, including, where applicable, the legitimate interest pursued
by the controller; (b) an assessment of the necessity and
proportionality of the processing operations in relation to the
purposes; (c) an assessment of the risks to the rights and freedoms of
data subjects referred to in paragraph 1; and (d) the measures
envisaged to address the risks, including safeguards, security measures
and mechanisms to ensure the protection of personal data and to
demonstrate compliance with this Regulation taking into account the
rights and legitimate interests of data subjects and other persons
concerned.
8.Compliance with approved codes of conduct referred to in Article 40 by
the relevant controllers or processors shall be taken into due account
in assessing the impact of the processing operations performed by such
controllers or processors, in particular for the purposes of a data
protection impact assessment.
9.Where appropriate, the controller shall seek the views of data
subjects or their representatives on the intended processing, without
prejudice to the protection of commercial or public interests or the
security of processing operations.
10.Where processing pursuant to point (c) or (e) of Article 6(1) has a
legal basis in Union law or in the law of the Member State to which the
controller is subject, that law regulates the specific processing
operation or set of operations in question, and a data protection impact
assessment has already been carried out as part of a general impact
assessment in the context of the adoption of that legal basis,
paragraphs 1 to 7 shall not apply unless Member States deem it to be
necessary to carry out such an assessment prior to processing
activities.
11. Where necessary, the controller shall carry out a review to assess
if processing is performed in accordance with the data protection impact
assessment at least when there is a change of the risk represented by
processing operations.
- source_sentence: >-
What elements does the Commission take into account when assessing the
adequacy of the level of protection?
sentences:
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Rationale:**
**Facts:**
The plaintiff holds credit card number ............ with the defendant
banking corporation. Based on the application for alternative networks
dated 19/7/2015 with number ......... submitted at a branch of the
defendant, he was granted access to the electronic banking service
(e-banking) to conduct banking transactions (debit, credit, updates,
payments) remotely. On 30/11/2020, the plaintiff fell victim to
electronic fraud through the "phishing" method, whereby an unknown
perpetrator managed to withdraw a total amount of €3,121.75 from the
aforementioned credit card. Specifically, the plaintiff received an
email at 1:35 PM on 29/11/2020 from sender ...... with address ........,
informing him that due to an impending system change, he needed to
verify the mobile phone number linked to the credit card, urging him to
complete the verification process within the next 24 hours by following
a link titled ........; otherwise, his account would be locked for
security reasons. The plaintiff read this email on the afternoon of 30
November 2020 and, believing it was from the defendant, followed the
instructions and proceeded via the provided link to a website that was
identical (a clone) to that of the defendant. On this page, he was asked
to enter the six-digit security code (.........) that had just been sent
to his mobile phone by the defendant at 3:41 PM, with the note that it
was an activation code for his ........ card at ........., which he
entered.
Subsequently, the plaintiff received, according to his statements, a new
email (not submitted), which requested him to enter the details of the
aforementioned credit card, specifically the name of the cardholder and
the card number, not the PIN, which he also entered, convinced that he
was within the online environment of the defendant. Then, at 3:47 PM, he
received a message on his mobile phone from the defendant containing the
exact same content as the one he received at 3:41 PM, while at 3:50 PM
he received a message stating that the activation of his ......... card
at ....... had been completed. Once the plaintiff read this, he became
concerned that something was not right, and immediately called (at 4:41
PM) the defendant's call center to inform them. There, the employees,
with whom he finally connected at 5:04 PM due to high call center
volume, advised him to delete the relevant emails, cancel his credit
card, change his access passwords for the service, and submit a dispute
request regarding the conducted transactions. The plaintiff
electronically sent this request to the defendant, disputing the
detailed transactions amounting to €3,121.75, which were conducted on
30/11/2020 during the time frame of 16:37:45-16:43:34 PM, arguing that
he had neither performed them himself nor authorized anyone else to do
so. The plaintiff specifically disputed the following transactions, as
evidenced by the account activity of the disputed credit card during the
aforementioned timeframe: a) transaction number ......... amounting to
€150.62 conducted on 30/11/2020 at 4:43:34 PM, b) transaction number
........ amounting to €293.20 conducted on 30/11/2020 at 4:42:40 PM, c)
transaction number ............ amounting to €295.21 conducted on
30/11/2020 at 4:42:10 PM, d) transaction number .......... amounting to
€299.22 conducted on 30/11/2020 at 4:41:31 PM, e) transaction number
........ amounting to €297.21 conducted on 30/11/2020 at 4:41:01 PM, f)
transaction number ........ amounting to €299.22 conducted on 30/11/2020
at 4:40:27 PM, g) transaction number ....... amounting to €299.22
conducted on 30/11/2020 at 4:39:55 PM, h) transaction number ......
amounting to €299.22 conducted on 30/11/2020 at 4:39:22 PM, i)
transaction number ......... amounting to €297.22 conducted on
30/11/2020 at 4:38:52 PM, j) transaction number ......... amounting to
€295.21 conducted on 30/11/2020 at 4:38:17 PM, and k) transaction number
......... amounting to €296.21 conducted on 30/11/2020 at 4:37:45 PM. In
its response letter dated 21/12/2020, the defendant denied
responsibility for the costs of the aforementioned transactions, placing
the entire blame on the plaintiff for the leak of his card details and
security code to the fraudulent page. The plaintiff, completely denying
any fault for the conducted transactions, repeatedly contacted the
defendant, both by phone and via email (see emails dated 15/1/2021 and
11/2/2021), while on 2/3/2021, he electronically sent a report dated
1/03/2021 to the Consumer Advocate’s email address, recounting the
events and requesting that the aforementioned Independent Authority
intervene to have the disputed debt canceled. In its letter with
reference number ...../27.04.2021, the aforementioned Independent
Authority informed the plaintiff that the case was outside its mediating
role and was therefore archived. Subsequently, the plaintiff sent the
defendant on 5/3/2021 his extrajudicial statement dated 4/3/2021,
calling upon it to fully cancel the debt of €3,121.75 that had been
unjustly incurred against him within two days and to immediately
instruct the representatives of the collection agency working with it to
cease contacting him regarding the disputed case. The defendant sent the
plaintiff a message on his mobile phone on 20/04/2021 informing him that
his case was still being processed due to lengthy operational
requirements, while on 23/04/2021, via email, it informed him that
considering their good cooperation and his efforts to keep them updated,
it had reviewed his case and decided to refund him the amounts of the
transactions that were conducted after his contact with their
representatives on 30/11/2020 at 4:41 PM, totaling €1,038.25,
specifically the following: a) transaction of €150.62 conducted on
30/11/2020 at 4:43 PM, b) transaction of €295.21 conducted on 30/11/2020
at 4:42 PM, c) transaction of €293.20 conducted on 30/11/2020 at 4:42
PM, and d) transaction of €299.22 conducted on 30/11/2020 at 4:41 PM.
Beyond this, the defendant refused to refund the plaintiff the amount of
the remaining transactions conducted on 30/11/2020, totaling €2,376.08
(and not €2,376.48 as incorrectly stated by the plaintiff in his
lawsuit), which the plaintiff ultimately fully paid, transferring
€2,342.77 to the defendant on 7/06/2021 and €33.31 on 15/06/2021 (see
related deposit receipts).
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Reasoning:** Claim for compensation and monetary satisfaction due to
moral damage against a mobile phone company and a credit institution
within the framework of inadequate fulfillment of a payment services
contract for "web banking." Appropriate actions for mobile phone
companies in case of a request for a "sim" card replacement due to wear
or loss. They must verify the customer's identity based on the personal
details and identification information registered in their system but
are not liable for any changes in the latter that were not timely
communicated to them. Further security measures such as phone
communication or sending an SMS to the mobile number holder are not
required. Payment services under Law 4357/2018. Obligation of the
payment service provider, such as banks, to inform the payer after
receiving a relevant order for making a payment. The content of this
varies per case, such as sending a personalized code to the user's
mobile phone for transaction approval, as well as sending an email
immediately after its completion. However, the bank is not liable for
customer damage resulting from illicit electronic transactions due to
third-party interception of either the access codes for electronic
banking transactions or the sim card and the phone number to which the
personalized codes for approving the aforementioned transactions are
sent, within the framework of increased security protocols. Appropriate
actions by banks upon diagnosing illicit banking transactions that may
be fraudulent. Relevant criteria for consideration. The evidence did not
indicate negligent and thus tortious behavior from all defendants. The
claim is dismissed.
**Facts:** In the present claim, upon due assessment of its content, the
plaintiff states that he has a mobile phone subscription with the first
defendant, a mobile phone company. On October 26, 2020, in the morning,
he realized that his mobile phone was offline, and by noon, he received
email notifications from Bank .......... and ............ (whose third
and fourth defendants are de facto universal successors, respectively),
with which he holds an account, regarding transactions he had made. From
phone calls from his home phone to Bank .............. and ............
Bank, he was informed that on the same day, in a very short period, four
money transfers had been made from the account he maintains at Bank
.............., specifically, an amount of €15,000 was transferred to
the account mentioned in the claim document under the name ...........,
at ........ an amount of €15,000 was transferred to the account
mentioned in the claim document under the name ......... at ...........
Bank, an amount of €15,000 was transferred to the plaintiff's account
with his daughter as a co-holder at ......... Bank, and an amount of
€6,700 was transferred from another of his accounts to the account from
which the transfer to the aforementioned accounts of €45,000 was made.
Additionally, from the plaintiff's account with his daughter as a
co-holder at .......... Bank, an amount of €9,999 was transferred to an
account under the name of .... . He attempted to log into the online
banking service of Bank ......... from his home computer, but found that
the service was locked, while regarding the corresponding service of
........... Bank, he requested alongside his daughter to 'lock' it. In a
phone call with the call center of Bank ............, he was informed
about the locking of his electronic account in the online banking
service and was told to dispute the transactions, which he did
immediately through ... banking, while his daughter communicated about
this with ....... Bank. The transfer to the account with the beneficiary
was canceled, and the amount of €15,000 was returned to the plaintiff.
After his investigation, he discovered that an unknown individual
appeared at the branch of the first defendant, served by the second
defendant, who posed as the plaintiff and presented a forged military ID
card of the plaintiff, requesting and receiving a new sim card,
resulting in the deactivation of the plaintiff's sim card and gaining
access to the codes sent to him by the banks for completing the
transfers. Due to the negligence of the second defendant, he did not
realize that the identity used was forged, as since 2010, when the
plaintiff retired, he has had a police identification card. The first
defendant does not have security protocols to prevent such incidents,
which constitute the sim .... method, despite the issuance of a press
release from the Attica Security and numerous publications regarding the
aforementioned method, unlike other mobile phone companies, which
implement a specific procedure for changing sim cards. The second
defendant did not take the obvious step to check the functioning of the
sim card before replacing it, where he would have realized that the
plaintiff's mobile phone was functioning normally. Bank .......... and
........... Bank: a) accepted requests for transferring large amounts of
money from accounts that had no similar activity in the past, while the
plaintiff's online banking account with the above banks was locked quite
some time later, b) sent email notifications regarding successful
transactions in succession, under a single email, c) did not check the
address ... of the perpetrators, which was different from that used by
the plaintiff, and d) did not take necessary security measures to
prevent fraud via sim ... against the plaintiff, as the security code
(pin) sent by the banks via message to the mobile phone proved to be
compromised. As a result of the above illegal and culpable behavior of
the defendants, the plaintiff suffered property damage amounting to a
total of €24,999, which constitutes the total amount of the transfers
made by third unknown persons to accounts of unknown individuals, as
stated above, and has not been refunded despite his repeated inquiries,
while he also suffered distress and mental anguish, and his trust in the
banks was shaken, thus entitling him to monetary compensation for his
moral damage, amounting to €5,000.
- >-
1.A transfer of personal data to a third country or an international
organisation may take place where the Commission has decided that the
third country, a territory or one or more specified sectors within that
third country, or the international organisation in question ensures an
adequate level of protection. Such a transfer shall not require any
specific authorisation.
2.When assessing the adequacy of the level of protection, the Commission
shall, in particular, take account of the following elements: (a) the
rule of law, respect for human rights and fundamental freedoms, relevant
legislation, both general and sectoral, including concerning public
security, defence, national security and criminal law and the access of
public authorities to personal data, as well as the implementation of
such legislation, data protection rules, professional rules and security
measures, including rules for the onward transfer of personal data to
another third country or international organisation which are complied
with in that country or international organisation, case-law, as well as
effective and enforceable data subject rights and effective
administrative and judicial redress for the data subjects whose personal
data are being transferred; (b) the existence and effective functioning
of one or more independent supervisory authorities in the third country
or to which an international organisation is subject, with
responsibility for ensuring and enforcing compliance with the data
protection rules, including adequate enforcement powers, for assisting
and advising the data subjects in exercising their rights and for
cooperation with the supervisory authorities of the Member States; and
(c) the international commitments the third country or international
organisation concerned has entered into, or other obligations arising
from legally binding conventions or instruments as well as from its
participation in multilateral or regional systems, in particular in
relation to the protection of personal data.
3.The Commission, after assessing the adequacy of the level of
protection, may decide, by means of implementing act, that a third
country, a territory or one or more specified sectors within a third
country, or an international organisation ensures an adequate level of
protection within the meaning of paragraph 2 of this Article. The
implementing act shall provide for a mechanism for a periodic review, at
least every four years, which shall take into account all relevant
developments in the third country or international organisation. The
implementing act shall specify its territorial and sectoral application
and, where applicable, identify the supervisory authority or authorities
referred to in point (b) of paragraph 2 of this Article. The
implementing act shall be adopted in accordance with the examination
procedure referred to in Article 93(2).
4.The Commission shall, on an ongoing basis, monitor developments in
third countries and international organisations that could affect the
functioning of decisions adopted pursuant to paragraph 3 of this Article
and decisions adopted on the basis of Article 25(6) of Directive
95/46/EC.
5.The Commission shall, where available information reveals, in
particular following the review referred to in paragraph 3 of this
Article, that a third country, a territory or one or more specified
sectors within a third country, or an international organisation no
longer ensures an adequate level of protection within the meaning of
paragraph 2 of this Article, to the extent necessary, repeal, amend or
suspend the decision referred to in paragraph 3 of this Article by means
of implementing acts without retro-active effect. Those implementing
acts shall be adopted in accordance with the examination procedure
referred to in Article 93(2). On duly justified imperative grounds of
urgency, the Commission shall adopt immediately applicable implementing
acts in accordance with the procedure referred to in Article 93(3).
6.The Commission shall enter into consultations with the third country
or international organisation with a view to remedying the situation
giving rise to the decision made pursuant to paragraph 5
7.A decision pursuant to paragraph 5 of this Article is without
prejudice to transfers of personal data to the third country, a
territory or one or more specified sectors within that third country, or
the international organisation in question pursuant to Articles 46 to 49
8.The Commission shall publish in the Official Journal of the European
Union and on its website a list of the third countries, territories and
specified sectors within a third country and international organisations
for which it has decided that an adequate level of protection is or is
no longer ensured.
9.Decisions adopted by the Commission on the basis of Article 25(6) of
Directive 95/46/EC shall remain in force until amended, replaced or
repealed by a Commission Decision adopted in accordance with paragraph 3
or 5 of this Article.
- source_sentence: >-
What can the contract be based on, besides individual contracts, in part
according to this excerpt?
sentences:
- >-
1.The Board shall draw up an annual report regarding the protection of
natural persons with regard to processing in the Union and, where
relevant, in third countries and international organisations. The report
shall be made public and be transmitted to the European Parliament, to
the Council and to the Commission.
2.The annual report shall include a review of the practical application
of the guidelines, recommendations and best practices referred to in
point (l) of Article 70(1) as well as of the binding decisions referred
to in Article 65.
- >-
1.Where processing is to be carried out on behalf of a controller, the
controller shall use only processors providing sufficient guarantees to
implement appropriate technical and organisational measures in such a
manner that processing will meet the requirements of this Regulation and
ensure the protection of the rights of the data subject.
2.The processor shall not engage another processor without prior
specific or general written authorisation of the controller. In the case
of general written authorisation, the processor shall inform the
controller of any intended changes concerning the addition or
replacement of other processors, thereby giving the controller the
opportunity to object to such changes.
3.Processing by a processor shall be governed by a contract or other
legal act under Union or Member State law, that is binding on the
processor with regard to the controller and that sets out the
subject-matter and duration of the processing, the nature and purpose of
the processing, the type of personal data and categories of data
subjects and the obligations and rights of the controller. That contract
or other legal act shall stipulate, in particular, that the processor:
(a) processes the personal data only on documented instructions from
the controller, including with regard to transfers of personal data to a
third country or an international organisation, unless required to do so
by Union or Member State law to which the processor is subject; in such
a case, the processor shall inform the controller of that legal
requirement before processing, unless that law prohibits such
information on important grounds of public interest; (b) ensures that
persons authorised to process the personal data have committed
themselves to confidentiality or are under an appropriate statutory
obligation of confidentiality; (c) takes all measures required pursuant
to Article 32; (d) respects the conditions referred to in paragraphs 2
and 4 for engaging another processor; (e) taking into account the
nature of the processing, assists the controller by appropriate
technical and organisational measures, insofar as this is possible, for
the fulfilment of the controller's obligation to respond to requests for
exercising the data subject's rights laid down in Chapter III; (f)
assists the controller in ensuring compliance with the obligations
pursuant to Articles 32 to 36 taking into account the nature of
processing and the information available to the processor; (g) at the
choice of the controller, deletes or returns all the personal data to
the controller after the end of the provision of services relating to
processing, and deletes existing copies unless Union or Member State law
requires storage of the personal data; (h) makes available to the
controller all information necessary to demonstrate compliance with the
obligations laid down in this Article and allow for and contribute to
audits, including inspections, conducted by the controller or another
auditor mandated by the controller. 4.5.2016 L 119/49 With regard to
point (h) of the first subparagraph, the processor shall immediately
inform the controller if, in its opinion, an instruction infringes this
Regulation or other Union or Member State data protection provisions.
4.Where a processor engages another processor for carrying out specific
processing activities on behalf of the controller, the same data
protection obligations as set out in the contract or other legal act
between the controller and the processor as referred to in paragraph 3
shall be imposed on that other processor by way of a contract or other
legal act under Union or Member State law, in particular providing
sufficient guarantees to implement appropriate technical and
organisational measures in such a manner that the processing will meet
the requirements of this Regulation. Where that other processor fails to
fulfil its data protection obligations, the initial processor shall
remain fully liable to the controller for the performance of that other
processor's obligations.
5.Adherence of a processor to an approved code of conduct as referred to
in Article 40 or an approved certification mechanism as referred to in
Article 42 may be used as an element by which to demonstrate sufficient
guarantees as referred to in paragraphs 1 and 4 of this Article.
6.Without prejudice to an individual contract between the controller and
the processor, the contract or the other legal act referred to in
paragraphs 3 and 4 of this Article may be based, in whole or in part, on
standard contractual clauses referred to in paragraphs 7 and 8 of this
Article, including when they are part of a certification granted to the
controller or processor pursuant to Articles 42 and 43
7.The Commission may lay down standard contractual clauses for the
matters referred to in paragraph 3 and 4 of this Article and in
accordance with the examination procedure referred to in Article 93(2).
8.A supervisory authority may adopt standard contractual clauses for the
matters referred to in paragraph 3 and 4 of this Article and in
accordance with the consistency mechanism referred to in Article 63
9.The contract or the other legal act referred to in paragraphs 3 and 4
shall be in writing, including in electronic form.
10.Without prejudice to Articles 82, 83 and 84, if a processor infringes
this Regulation by determining the purposes and means of processing, the
processor shall be considered to be a controller in respect of that
processing.
- >-
In order to ensure consistent monitoring and enforcement of this
Regulation throughout the Union, the supervisory authorities should have
in each Member State the same tasks and effective powers, including
powers of investigation, corrective powers and sanctions, and
authorisation and advisory powers, in particular in cases of complaints
from natural persons, and without prejudice to the powers of
prosecutorial authorities under Member State law, to bring infringements
of this Regulation to the attention of the judicial authorities and
engage in legal proceedings. Such powers should also include the power
to impose a temporary or definitive limitation, including a ban, on
processing. Member States may specify other tasks related to the
protection of personal data under this Regulation. The powers of
supervisory authorities should be exercised in accordance with
appropriate procedural safeguards set out in Union and Member State law,
impartially, fairly and within a reasonable time. In particular each
measure should be appropriate, necessary and proportionate in view of
ensuring compliance with this Regulation, taking into account the
circumstances of each individual case, respect the right of every person
to be heard before any individual measure which would affect him or her
adversely is taken and avoid superfluous costs and excessive
inconveniences for the persons concerned. Investigatory powers as
regards access to premises should be exercised in accordance with
specific requirements in Member State procedural law, such as the
requirement to obtain a prior judicial authorisation. Each legally
binding measure of the supervisory authority should be in writing, be
clear and unambiguous, indicate the supervisory authority which has
issued the measure, the date of issue of the measure, bear the signature
of the head, or a member of the supervisory authority authorised by him
or her, give the reasons for the measure, and refer to the right of an
effective remedy. This should not preclude additional requirements
pursuant to Member State procedural law. The adoption of a legally
binding decision implies that it may give rise to judicial review in the
Member State of the supervisory authority that adopted the decision.
pipeline_tag: sentence-similarity
library_name: sentence-transformers
metrics:
- cosine_accuracy@1
- cosine_accuracy@3
- cosine_accuracy@5
- cosine_accuracy@10
- cosine_precision@1
- cosine_precision@3
- cosine_precision@5
- cosine_precision@10
- cosine_recall@1
- cosine_recall@3
- cosine_recall@5
- cosine_recall@10
- cosine_ndcg@10
- cosine_mrr@10
- cosine_map@100
model-index:
- name: multilingual-e5-large
results:
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 1024
type: dim_1024
metrics:
- type: cosine_accuracy@1
value: 0.39646464646464646
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.44191919191919193
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.4772727272727273
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5303030303030303
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.39646464646464646
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.38636363636363635
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3681818181818182
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3290404040404041
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.08304287864930793
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.2081343496506072
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.2835680574260267
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.39409768094763203
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4598689419093947
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.42710938752605426
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5168519133450287
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 768
type: dim_768
metrics:
- type: cosine_accuracy@1
value: 0.3939393939393939
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.44191919191919193
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.5025252525252525
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5505050505050505
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.3939393939393939
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.3855218855218855
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.37626262626262624
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3446969696969697
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.08168070862236515
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.20453019286463223
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.2832633651660053
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.40242302005471103
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.47166637655254595
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.4309634038800705
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5280748790211213
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 512
type: dim_512
metrics:
- type: cosine_accuracy@1
value: 0.3787878787878788
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.4318181818181818
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.48484848484848486
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5303030303030303
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.3787878787878788
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.3728956228956229
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.36060606060606065
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.32601010101010097
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.07971959353722971
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.2026184382863416
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.27887644095443376
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.39430746021109475
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.45372338563687165
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.414860910694244
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5082323561062431
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 256
type: dim_256
metrics:
- type: cosine_accuracy@1
value: 0.3712121212121212
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.398989898989899
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.44191919191919193
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.494949494949495
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.3712121212121212
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.3552188552188552
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.33282828282828286
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.29949494949494954
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.07982818259272316
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.1976196380449212
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.26002173221499414
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.36485373765457696
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4261612717180349
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.3972482764149431
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.48924480926248376
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 128
type: dim_128
metrics:
- type: cosine_accuracy@1
value: 0.33585858585858586
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.37626262626262624
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.41919191919191917
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.4797979797979798
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.33585858585858586
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.32659932659932656
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3111111111111111
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.2803030303030303
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.07421363164771244
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.18525500642088516
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.25267706028894804
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.35720405753526513
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4004282713649355
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.3674543049543049
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.45757274754945104
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 64
type: dim_64
metrics:
- type: cosine_accuracy@1
value: 0.2777777777777778
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.31565656565656564
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.3434343434343434
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.38636363636363635
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.2777777777777778
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.2685185185185185
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.253030303030303
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.2222222222222222
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.06505275009099755
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.16288196174670413
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.22036463456449257
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.30790852718468
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.3305966214431583
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.3029501362834696
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.39861110645687153
name: Cosine Map@100
Then you can load this model and run inference.
